Date: Sat, 2 Jun 2007 22:42:28 +0200 From: Max Laier <max@love2party.net> To: Michal Mertl <mime@traveller.cz> Cc: freebsd-current@freebsd.org, freebsd-pf@freebsd.org Subject: Re: pf(4) status in 7.0-R Message-ID: <200706022242.37207.max@love2party.net> In-Reply-To: <1180766346.30151.3.camel@genius.i.cz> References: <20070601103549.GA22490@localhost.localdomain> <200706011717.54698.max@love2party.net> <1180766346.30151.3.camel@genius.i.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart13748422.R2svJu85Op Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 02 June 2007, Michal Mertl wrote: > Max Laier wrote: > > [ moving this to the more specific list ] > > > > On Friday 01 June 2007, LI Xin wrote: > > > Stanislaw Halik wrote: > > > > Heya, > > > > > > > > Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some > > > > neat stuff in it, including expiretable functionality, which > > > > would come in handy. > > > > > > Last time I have talked with Max (Cc'ed) about the issue, we > > > finally figured out that porting the whole stuff would need some > > > infrastructural changes to our routing code, which could be risky > > > so we wanted to avoid it at this stage (about 15 days before > > > RELENG_7 code freeze). On the other hand, some functionality (like > > > the expiretable feature) does not seem to touch a large part of > > > kernel and might be appropriate > > > RELENG_7(_0) candidate. > > > > > > Could you please enumerate some features that FreeBSD is currently > > > lack of and are considered "high priority" so we will be able to > > > evaluate whether to port? > > > > > > BTW. Patches are always welcome, as usual :-) So don't hesitate > > > to submit if you already did some work. > > > > ditto. I'd like to import a couple of features on a per-feature base > > rather than doing a complete import which isn't possible anymore due > > to SMP and routing code changes. > > > > Submit your list of features and I'll see what I can do this weekend. > > My list includes: > > > > - keep state and flags S/SA to default > > - improved state table purgeing (this is internal, but a huge > > benefit) - interface handling (groups etc.) > > - pfsync / pflog update (not 100% sure about these due to libpcap / > > tcpdump dependency) > > > > While at it, I might also introduce needed ABI breakage for netgraph > > interaction. > > > > Anything else? > > The updated ftp-proxy - the one in the tree does not rewrite source IP > address of data connections and some firewalls (e.g. Windows Firewall) > don't let the connection through. It should be pretty easy to import - > the program it already in some form in the ports tree. How do people feel about removing ftp-proxy from the base altogether? I=20 think it's better off in ports anyway. Opinions? =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart13748422.R2svJu85Op Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) iD8DBQBGYdY9XyyEoT62BG0RAgciAJ0bB5tH0BO4gqlVM48gqoLde0U2HQCeLE8w eI/K30KEEvnjBIpCFL/NPGA= =1ebt -----END PGP SIGNATURE----- --nextPart13748422.R2svJu85Op--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706022242.37207.max>